EXAMINER'S ANSWER



This is in response to the appeal brief filed 23 November 2005 appealing from the Office action 
mailed 01 March 2005. 

(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 
No amendment after final has been filed. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,128,738 DOYLE 10-2000 

5,757,920 MISRA 5-1998 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 1, 2, 4-6, 8-13, 15, 17, 18, 20-24 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Doyle, U.S. Patent No. 6,128,738. Referring to claims 1-4, 6, 11-13, 15-18, 23,
24, Doyle discloses certificate-based security wherein a user, which meets the limitation of a 
service receiving device, requests access to secure applications from a host computer by mutual 
authentication (Col. 4, lines 63-66), which meets the limitation of service provider which is an 
authentication object that provides services and the service receiving device that also is an
authentication object and receives services provided by the service provider, using a user 
certificate and signature that was created by a gateway system (Col. 4, lines 22-55). The gateway 
system creates the certificate and signature in response to a request by a user for certification 
information (Col. 3, lines 1-14), which meets the limitations of an access control server 
registration server, wherein the access control server registration server is configured to execute 
a processing for requesting access control server to execute issuance of the access permission, 
upon receipt of an access permission issuance request from the service receiving device, at least 
one system holder which is an organization that provides or controls contents usable by a user 
terminal, the system holder is configured to administrate the service provider and the service 
receiving device and to treat the service provider and the service receiving device as 
authentication objects. If the user's certificate and signature are authenticated at the host system 
the user is granted access to the secure applications, if not then the session is rejected (Col. 4,
lines 49-55), which meets the limitation of wherein the service provider performs, based on the 
access permission, a decision as to whether an access request by the service receiving device is 
to be permitted. The user computer contains a storage means to store the security packet and 
certificate information (Col. 3, lines 46-53 & Fig. 5), which meets the limitation of a data storage 
means that stores an access permission containing service provider identification data which 
identifies the service provider an access to which by a device has been permitted. Doyle 
discloses that the certificates and signatures created are usable for a plurality of services (Col. 1, 
line 66 - Col. 2, line 15), which meets the limitation of generating access permissions in a form 
independently usable for the service provider that were formerly present in claims 7 and 19 and 
currently amended into claims 1 and 15. 

Referring to claim 5, Doyle discloses that the user certificate can provide user access to a 
plurality of host applications (Col. 5, line 59 - Col. 6, line 14). 

Referring to claims 8, 20, Doyle discloses that the certificates and signatures created are 
usable for a plurality of services (Col. 1, line 66 - Col. 2, line 15). 

Referring to claims 9, 21, Doyle discloses that the certificate is an electronic statement of 
identity that allows building a trust relationship between parties wishing to exchange information 
using a preexisting trust relationship that each of the parties has with a third party (Col. 1, lines 
5-9), which meets the limitations of an access control server set fixed field set by the access 
control server, and a service provider set option field set by each of the service providers. The 
certificate is created with digital signature information (Col. 3, lines 1-10), which meets the 
limitation of an electronic signature field to be performed by the access control server.

Referring to claims 10, 22, Doyle discloses that the certificate contains user information
that is a replacement for a user id and password (Col. 3, lines 4-9). 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

Claims 14, 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Doyle, U.S.
Patent No. 6,128,738, in view of Misra, U.S. Patent No. 5,757,920. Referring to claims 14, 25,
Doyle discloses certificate-based security wherein a user, which meets the limitation of a service 
receiving device, requests access to secure applications from a host computer by mutual 
authentication (Col. 4, lines 63-66), which meets the limitation of service provider which is an 
authentication object that provides services and the service receiving device that also is an
authentication object and receives services provided by the service provider, using a user 
certificate and signature that was created by a gateway system (Col. 4, lines 22-55). The gateway 
system creates the certificate and signature in response to a request by a user for certification 
information (Col. 3, lines 1-14), which meets the limitations of an access control server
registration server, wherein the access control server registration server is configured to execute 
a processing for requesting access control server to execute issuance of the access permission, 
upon receipt of an access permission issuance request from the service receiving device, at least 
one system holder which is an organization that provides or controls contents usable by a user 
terminal, the system holder is configured to administrate the service provider and the service 
receiving device and to treat the service provider and the service receiving device as 
authentication objects. If the user's certificate and signature are authenticated at the host system 
the user is granted access to the secure applications, if not then the session is rejected (Col. 4, 
lines 49-55), which meets the limitation of wherein the service provider performs, based on the 
access permission, a decision as to whether an access request by the service receiving device is 
to be permitted. Doyle does not disclose that the certificates are revocable. Misra discloses a 
logon certification system wherein the certificates have expiration dates and are revocable (Col. 
9, lines 60-67). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made for the certificates of Doyle to be revocable in order to limit the security risk 
of having valid certificates for user accounts that are inactive as taught in Misra (Col. 10, lines 1-13).

(10) Response to Argument 

Applicant's argument that Doyle does not disclose or suggest generation of the access 
permissions in a form independently usable for the service provider is not persuasive because 
Applicant has failed to distinguish the claimed invention from the Doyle reference. Using a 
broad but reasonable interpretation of "generation of the access permissions in a form 
independently usable for the service provider", the Doyle reference reads on the claim limitation
because Doyle discloses that the gateway system (Figure 6, element 615) generates the certificate 
and signature in response to a request by a user for certification information (Col. 3, lines 1-14 & 
Col. 4, lines 34-36) and the certification information is authenticated at the host system (Figure 
6, element 633) in order to grant the requesting user access to the desired applications (Col. 4, 
lines 49-55). This certification information meets the limitation of the claimed access 
permissions and because the gateway system generates the certification information for the host 
computer to authenticate the user's application request, the certification information is generated 
in a form independently usable by the host computer. Furthermore, the host computer is the only 
party in the system of Doyle that is capable of authenticating the user's request based on the
certification information, which using a broad but reasonable interpretation would meet the 
claimed limitation. 

Applicant points to page 9, lines 17-20 and page 10, lines 16-18 of the specification to 
provide the support for the above-mentioned claim limitation, but fails to distinguish the
limitation from the broad but reasonable interpretation and the teachings in Doyle. The cited
portions of the specification do not show or suggest that the above-mentioned limitation is anything
but the broad but reasonable interpretation where the certification information is generated so 
that the host computer can authenticate a user request for secure applications using the 
certification information. 

Applicant appears to contend that a user in the Doyle system would need to have new
certification information generated for the use of each secure application in the host system, 
which is not the case when looking at the portion of Doyle cited by Applicant on page 6 of the 
Appeal Brief (Doyle, Col. 4, lines 15-21). Careful study of the cited portion of Doyle shows that
the authentication procedures are repeated for each secure application but the certification
information used is the same. Below is the cited portion of Doyle.

This same series of steps occurs when the user attempts to access CICS 517 or any other 
secure system on the remote host, but RACF 515, under the present invention is looking 
at the same user certificate information rather than, in the prior art, having the user 
utilize a different user id and password for each of the secure systems which the user 
desired to access. 

CICS 517 is one of the secure applications on the host computer, and the RACF is the 
portion of the host computer that performs the authentication (Col. 4, lines 47-55). The cited 
portion of Doyle clearly states that the RACF uses the same certification information to 
authenticate the user for different secure systems/applications. Therefore, Applicant has not 
distinguished the claimed invention from the Doyle reference. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
Benjamin E. Lanier 